oss-sec mailing list archives
Re: CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS)
From: Jeff Breidenbach <jeff () jab org>
Date: Thu, 30 Dec 2010 11:01:35 -0800
Earl,

http://www.mhonarc.org/MHonArc/doc/faq/security.html#htmlexchow

One of my hats is the Debian package maintainer for mhonarc. I'm tempted to disable HTML mail support by default rather than try to improve it. What do you think about the idea? What do you think about implementation? The package does not have control over the resource file, so it would probably have to be a code patch.

-Jeff
Current thread:
- CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS) Jan Lieskovsky (Dec 21)
- Re: CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS) Earl Hood (Dec 21)
- Re: CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS) Raphael Geissert (Dec 22)
- Re: CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS) Jeff Breidenbach (Dec 30)
- Re: CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS) Josh Bressers (Dec 21)
- Re: CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS) Earl Hood (Dec 21)